cfd3a6e3273b92b49cac236a2d298e05de5071e58af662f870c29ae8af49a0c4

Sharing

Copy URL Twitter E-mail

General

Target

cfd3a6e3273b92b49cac236a2d298e05de5071e58af662f870c29ae8af49a0c4
Size

604KB
MD5

b8b8845cbb375070a65e4e65709110a8
SHA1

d71702706c4d2b08976d8a4611d248a6d2c11105
SHA256

cfd3a6e3273b92b49cac236a2d298e05de5071e58af662f870c29ae8af49a0c4
SHA512

75f51c0259d6459d011c0f53e19284dfc5475473b69838eb7252bb6dd1fe676de820429fad85bac49b2a8482064b54c7908af815dfc3a4ebb18849e0b5cfe1d4
SSDEEP

12288:AZcly/mE9VNBCAeQiPmTE1n8r4pQvHJxG9Y0JJu1E3Vv65gQqwB7:AmhE9VxWuTE1n8rzUJJ0gs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfd3a6e3273b92b49cac236a2d298e05de5071e58af662f870c29ae8af49a0c4

Files

cfd3a6e3273b92b49cac236a2d298e05de5071e58af662f870c29ae8af49a0c4
.dll windows:6 windows x86 arch:x86

85fa71379941ae8bb5b8e8b469acf9f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\bin\MonoJunkiex86.pdb

Imports

kernel32

GetCurrentProcessId
K32EnumProcessModules
FormatMessageW
LoadLibraryW
LocalFree
FreeLibrary
FormatMessageA
EnterCriticalSection
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
ResumeThread
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetExitCodeProcess
Thread32Next
Thread32First
WaitForSingleObject
ResetEvent
GetTickCount
GetCurrentThreadId
SuspendThread
GetExitCodeThread
TerminateThread
GetModuleHandleW
GetThreadTimes
OpenThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentThread
WriteFile
CreateFileW
GetProcAddress
ReadFile
OpenProcess
GetNativeSystemInfo
IsWow64Process
DeviceIoControl
WideCharToMultiByte
WriteProcessMemory
VirtualProtectEx
GetThreadContext
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
SetThreadContext
VirtualQueryEx
GetSystemInfo
GetStringTypeW
EncodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
CreateThread
CloseHandle
Sleep
MultiByteToWideChar
GetModuleFileNameW
GetCurrentProcess
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileAttributesExW
ExitProcess
GetModuleHandleExW
HeapFree
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
HeapAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
SetEndOfFile

user32

wsprintfW

advapi32

RegSetValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

SHDeleteKeyW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85fa71379941ae8bb5b8e8b469acf9f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 450KB - Virtual size: 450KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 450KB - Virtual size: 450KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 19KB - Virtual size: 18KB